Posted
by
samzenpus
on Monday February 27, 2012 @01:12PM
from the casting-the-first-e-stone dept.

Hugh Pickens writes "John Markoff writes that an unsuccessful campaign against the Vatican by Anonymous, which did not receive wide attention at the time, provides a rare glimpse into the recruiting, reconnaissance, and warfare tactics used by the shadowy hacking collective and may be the first end-to-end record of a full Anonymous attack. The attack, called Operation Pharisee in a reference to the sect that Jesus called hypocrites, was initially organized by hackers in South America and Mexico and was designed to disrupt Pope Benedict XVI's visit to Madrid in August 2011 for World Youth Day and draw attention to child sexual abuse by priests. First the hackers spent weeks spreading their message through their own website and social sites like Twitter and Flickr calling on volunteers to download free attack software and imploring them to 'stop child abuse' by joining the cause. It took the hackers 18 days to recruit enough people, then a core group of roughly a dozen skilled hackers spent three days poking around the church's World Youth Day site looking for common security holes that could let them inside. In this case, the scanning software failed to turn up any gaps so the hackers turned to a brute-force approach of a distributed denial-of-service, On the first day, the denial-of-service attack resulted in 28 times the normal traffic to the church site, rising to 34 times the next day but did not crash the site. 'Anonymous is a handful of geniuses surrounded by a legion of idiots,' says Cole Stryker, an author who has researched the movement. 'You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack.'"

Given the fact that the bishops in America have been making a fuss about the prospect of their non-religious employees having access to birth control from a third party, while frequently cited statistics claim that ~98% of Catholics use birth control, I'd say the inverse is true. The Catholic Church is presently a relative handful of idiots surrounded by a billion normal people.

'Anonymous is a handful of geniuses surrounded by a legion of idiots,' says Cole Stryker, an author who has researched the movement. 'You have four or five guys who really know what they're doing and are able to pull off some of the more serious hacks, and then thousands of people spreading the word, or turning their computers over to participate in a DDoS attack.'"

Calling the core trolls geniuses is an overstatement. Most of them are just scriptkiddies whose most sophisticated attacks are correctly guessing when the password is 12345. The strategy of Anonymous is to try hacking against easy targets and DDoS against well-secured ones. And while DDoS is relatively easy to implement, the LOIC those "geniuses" came up with is a crappy tool.

This isn't hacking, there's no skill, it is just having more bandwidth available than your target and being a dick. Of course that only works if you actually can have more bandwidth. As they found out Amazon didn't even blink, Amazon has WAY more resources than some dumbass script kiddies.

The report says that attacking browsers (yes, browsers, not PCs) were all targeted at the same URL with a few randomized URL values thrown in to force the server to treat them as separate requests. The key to defeating a DDOS, as I understand it, is to be able to separate legal requests from illegal, and route them to different places. If every attacker attacks with almost the exact same URL signature, doesn't that make it trivially easy to defeat? Am I missing something?

On the first day, the denial-of-service attack resulted in 28 times the normal traffic to the church site, rising to 34 times the next day but did not crash the site.

The only way that evil can win is if good people fail to act. If the Catholic Church is the Body of Christ started by a divine Jesus Christ, then obviously wicked men practicing their pedophaelia or hackers targeting it's website cannot destroy the Church. Metaphorically speaking, they can load the pistol and pull the

Attacking the Catholic Church in 2012 over the priest abuse scandal is like attacking Britain over John Major's policies.

The abuse scandal was a pattern of abuse and cover-up that exploded into the media spotlight in the late 80s/early 90s. The Church did wrong, but since then, they've done a lot of right - there's a zero-tolerance policies, lots of priests have been defrocked, billions in settlements have been paid, hundreds were jailed, etc. There will always be sexual abuse in any large organization with access to children - schools, Boy/Girl scouts, the YMCA, the Mendocino Physics Club, Gencon, whatever. So yes, there may be some that goes on today on a small scale...but what has changed is the organizational response. In 1970, a Bishop might have shuffled a pedophile priest to a different parish. Today, there's zero tolerance, formal processes, and a much greater awareness.

So...why attack in 2012? What is the point? If this was 1990, it'd be more understandable.

I think "anonymous" (aka a half-dozen bored kids) is just desperate to remain in the spotlight. The attention-getting is more important than any "cause". In fact, attention-getting is the cause.

That may be true in the U.S. thanks to our court system actively pursuing abusers, but that's not what I have seen around the world. Irelend [irishcentral.com] has supposedly not received cooperation for criminal investigations and cover-ups [ajc.com] may still be going on in Asia.

That may be true in the U.S. thanks to our court system actively pursuing abusers, but that's not what I have seen around the world. Irelend [irishcentral.com] has supposedly not received cooperation for criminal investigations and cover-ups [ajc.com] may still be going on in Asia.

I believe the Vatican is making the changes that were made in the US the norm for all diocese. As for Ireland, it was church officials who reported it to the authorities and a number of bishops actually resigned over it.

The problem with other parts of the world deal with social norms. When young boys and girls are getting married at the age of 14, sometimes to a significantly older spouse, is that abuse or not. By western standards, it is abuse, but it is not seen that way locally. Granted this occurs m

So...why attack in 2012? What is the point? If this was 1990, it'd be more understandable.

You missed the scandals in Europe lately, lots of abuses cases (read: *thousands* in NL, BE, FR, I repeat thousands, not one) emerged *after* the deadline for criminal prosecution. Lots of victims bear memories of youth without any compensation
and meager acknowledgement; even a priest who manages to say 'Ich habe es nicht gewusst'.
Considering the scale and impact of the abuse, it's in no way comparable to the actions of a single man;
you're downplaying the issue, your comparison is moot and insensitive, it is a structural issue (sexual repression) with no single offender, but LOTS of offenders, more than any other organization in existence.
*Any* other organization having this trackrecord of abusing children would be declared illegal immediately.
Ignorant prick.

The abuse scandal was a pattern of abuse and cover-up that exploded into the media spotlight in the late 80s/early 90s. The Church did wrong, but since then, they've done a lot of right

It depends on which country. Check in with Ireland. There is at least one other African country that I can think of off the top of my head that still has issues. They only do a lot right when the media pressure and legal battles becomes too high to just sweep it under the rug.

I believe I heard that churches are statisically safer than schools or sports programs

No, churches are no less safe. It's just statistically more likely that they'll consider themselves above the law, and shuffle the pedophile priest over to the next parish, shred the memo, and move on.

The current pope was the man put in charge of shuffling the pedophiles around and keeping it out of the press. It is highly unlikely that things have grown safer for children under his watch. After all, if it had, why did the church need to get the republicans under Bush to pass a law disallowing lawsuits and legal actions? Because what we know is only the tip of the iceberg, and the idea that the pedophile priests have all been caught, or all magically stopped doing what gets them off, is laughable.

I believe I heard that churches are statisically safer than schools or sports programs

No, churches are no less safe. It's just statistically more likely that they'll consider themselves above the law, and shuffle the pedophile priest over to the next parish, shred the memo, and move on.

The current pope was the man put in charge of shuffling the pedophiles around and keeping it out of the press. It is highly unlikely that things have grown safer for children under his watch. After all, if it had, why did the church need to get the republicans under Bush to pass a law disallowing lawsuits and legal actions? Because what we know is only the tip of the iceberg, and the idea that the pedophile priests have all been caught, or all magically stopped doing what gets them off, is laughable.

Actually, according the Pew Foundation, which actually studies things like this, churches are statistically safer than public schools and sports programs. The difference is that by law, you cannot sue the government run schools and entities when this occurs, so you don't hear about it.

There is a significant amount of data available now, particularly because of the Survivor's Network for those Abused by Priests (SNAP) and it shows that the movement of pedophiles was not as wide spread through the US church as people think. It most definitely occurred in certain dioceses, but not everywhere.

I think your information about the Bush administration passing laws to prevent lawsuits on behalf of the church is also wrong. Those cases occurred in civil courts under state jurisdiction. Federal law didn't come into play. As a matter of fact, many states extended the statute of limitations on the cases, but only for those abused in a church setting, not a public school or any other setting.

The Pew Foundation studies also show that most of the abuse in the US was from men ordained to the priesthood in the sixties and early seventies. As such, most of them are no longer active in ministry, even if they were never caught do to age restrictions.

Just thought slashdot readers should have some accurate and verifiable information.

Allowing women and married people to be priests would increase the pool of possible recruits significantly, thus the Catholic Church wouldn't have to stick with people who aren't fit to be priests. The problem with pedophilia is that it's just the tip of the iceberg. Priests are supposed to be examples of living a life dedicated to God, but if there are that many who could become priests while capable of doing an evil as great as forcing themselves in an unnatural way on a child who trusted them and whose p

Allowing women and married people to be priests would increase the pool of possible recruits significantly, thus the Catholic Church wouldn't have to stick with people who aren't fit to be priests. The problem with pedophilia is that it's just the tip of the iceberg. Priests are supposed to be examples of living a life dedicated to God, but if there are that many who could become priests while capable of doing an evil as great as forcing themselves in an unnatural way on a child who trusted them and whose protection were their duty, then it means that the selection process of priests is deeply flawed. Pedophilia is a fairly rare thing, and for every pedophile priest there are thousands who, while not that bad, commit some lesser sins that makes them incapable of serving as priests. I assume that the reason why those people could be priests is that the Catholic Church is afraid that with stricter rules there wouldn't be enough of them (although in my opinion it would still be the better alternative). Allowing more people to be eligible could solve that problem.

To abuse a child, one needs access to children. Incest is far more prevalent in the US than the abuse of minors by priests. In addition, abusers often use their own children to entice other children.

Having married priests would not change one thing, if the man was still an abuser. If anything, it would give him more access. Most scout leaders were married when the boy scouts had their problems with abuse by scout leaders. It also occurs in other denominations, which do have married clergy. Likewise, in

Anonymous is, in effect, practicing an eclectic combination of bits of espionage, sabotage and warfare. (For that matter, so is WikiLeaks.) Eventually, they will run up against people who don't think that should be confined to the online world when it has real world consequences. I really wonder if they've considered what happens then.

I would imagine that they have considered it, seeing most of the "geniuses" are probably behind six proxies.

So far, the people who have been DDoS'd have a fairly large public face so if they were go after someone who was directly linked, there would be massive repercussions. I assume this is why Julian Assange is still alive. There would be too many fingers that point to the US. I'm sure when the political fallout is low enough, he will be quietly dispatched.

They act as if tracking Anonymous is any difficultly at all. The group is highly transparent. Finding them and following them on specific issues or OPS is not difficult at all. All you need is an strong interest in the subject matter, plenty of time on your hands, and a huge bucket of popcorn.

Sounds about right, "idiots" is a bit harsh. But then the skilled hackers are transient also, so the intelligence agencies who can't grasp the concept of a leaderless collective are going to be disappointed that there aren't just a few heads to cut off...

The article (that I didn't read) exposes how it's just a group that works the exact same way as usual social dissidents. The authors don't realize that the idiots could very well be leaders in another action, and how stupidly fast and easy it is to become a leader. Anonymous is a brand name for dissidence, not an organized criminal network.

That's what it means, "we are legion". It means everyone can be replaced as long as anyone has the motivation to rally enough people to Get Shit Done

"Oh, and the fact that it's a verbatim quote from the Gospels. Pure coincidence."

Yep. Take just about ANY three words that make sense together, and they have been used millions of times over the years. And because the phrases "we are legion" and even "I am legion" have been used in many places and many contexts that are NOT even remotely related to the bible, I would say that indeed, it is much more likely than not that they had no intention of referring to scriptures when they made it part of their motto. It isn't even a direct quote. They did not say "I am Legion", they say "we are l

I didn't realize anyone thought that Anonymous was a legion of hackers. It's been previously reported that being part of Anonymous meant downloading DOS tools, so it should've already been clear that Anonymous wasn't a bunch of hackers. It seems to me that "legion of idiots" was just a gratuitous insult.

Actually being "part of Anonymous" is nothing and everything. Being an active member on any chan and posting as Anonymous (like everybody else) and actively spreading and fostering ideas is also Anonymous, no tools required...

It probably was just that...a sound bite for the mass media to be able to report on Anonymous as a bunch of idiots, rather than the slowly growing collective of like-minded individuals hell bent on keeping the power & freedom of the Internet/world in the hands of the people, not those in power. This way, the sheeple think of them as criminals, but revere the government as their protector (from what, only those idiots can tell you).

Eh, I don't know. If somebody downloads and installs tools suggested by this core group of "hacker geniuses" under the auspices of "this will hurt the bad guys, not you -- we promise" I think calling them idiots might not be gratuitous at all. "But it's open source!" Yeah. I'm just certain the people running it combed through the source and verified the hashes before they blindly did what they were told.

That nobody has fleeced the sheep yet is a small miracle, but it will happen. In fact it might be

In any field of endeavor that the speaker is not masterful in, "genius" is anybody that knows more than you do. That's most slashdotter's parents call them "computer geniuses" because they can reboot the modem when the ISP hiccups.

Victims? They don't get tricked into installing a botnet client. They install, configure and run a DDoS tool, voluntarily. Although botnet herders might participate sometimes, I don't think any infected computers count as Anonymous members...

Vigilantes are cool, sexy, nearly always total morons, and they hurt people. They do what they do specifically to hurt people who they think deserve it. It baffles me how people can on one hand "hate" the us (or whatever, I'm sure there's an oil company in there somewhere) for not always doing 100% due process properly (and screwing up at times)... and support things like anonymous.

Members of the Catholic church doesn't involve attacking people? Thats a good one. Haven't heard a joke that good in a while. They've toned down on the physical attacks on non-believers the last few centuries, but I assure you they attack people with the power of their words and influence on politics. At least as effective as any attacks Anonymous does.

"Idiots" is a gratuitous insult, although it probably seems fair to anyone who's glanced at/b/.

"Geniuses" doesn't refer to organizers, really. Some of Anonymous's actions are simply DDoS, which just takes an organizer and some idiots. It doesn't even take a particular organizer, since the legion of idiots isn't really an organized group. Their more interesting actions, though, involve some substantial hackery.

So what they're talking about is the density of actual, competent hackers vs. people who participa

Where it has gone since those days has never been challenged by those that worked to initiate the idea, as it is and always will be the individuals own choice and responsibility for what they choose to do in the name of "Anonymous",up to and including false flag events, (stupid enough to do it to yourself why would anyone protest).

Just another lame arsed "please buy my book" sensationalist. Whether it's a dead tree work by a short run minor publisher and a desperate author or a web site eventually you just start to ignore them as pointless.

The only thing that should ever be challenged is, government investigative agents seeking to gain promotion by destroying the lives of unskilled teenagers with claims of terrorism and threats to vital infrastructure with the hoodoo of "Anonymous". When government agencies started testing recruits with lie detectors completely forgetting psychopaths are born capable of passing any lie detector test, what other result could be expected.

Lazy sensationalist journalism of course does it's bit to promote readership over the truth and the harm it's lies of omission and distortion will cause it's victims.

I'm guessing the John Markoff [wikipedia.org] who wrote the first article is the guy who wrote to the world about the dangers of Kevin Mitnick [wikipedia.org]. It's a good thing Kevin was stopped before launching those nukes. Thank god for responsible journalism and best selling books.

If it's age-related you can get glasses for ten bucks. Or a CrystaLens implant for $15,000.

back on topic... from TFS -- designed to disrupt Pope Benedict XVI's visit to Madrid in August 2011 for World Youth Day and draw attention to child sexual abuse by priests.

As if everybody and his dog didn't already know about the pedophlia. I never could understand the Catholic's refusal to let priests marry, considering that one of the Apostles (Peter maybe? I'd have to look it up) said that men should marry to avoid being tempted into sinful sex, and there's surely not much that's more sinful than raping children.

Someone correct me on this if I'm wrong, but wasn't Paul (or one of the anonymous authors writing under the Paul psuedonym) responsible for the decree that priests of the Catholic Church be celibate in order to focus their energies on God?

but wasn't Paul (or one of the anonymous authors writing under the Paul psuedonym) responsible for the decree that priests of the Catholic Church be celibate in order to focus their energies on God?

In the context of the rest of the epistle (i.e. letter), the advice is being given to missionaries, basically. I.e. when you are out travelling and spreading the word, don't also be running around trying to hook up with the locals -- it kind of messes with the message you are trying to teach. Do that before or after, not during.

It's generally thought that Paul himself was a widower when he left on his travels, as marriage was a prerequisite for his pre-conversion status as a Pharisee.

I never could understand the Catholic's refusal to let priests marry, considering that one of the Apostles (Peter maybe? I'd have to look it up) said that men should marry to avoid being tempted into sinful sex, and there's surely not much that's more sinful than raping children.

I get a lot of history across my plate sideways as it were, since my wife is a history and English teacher. It's kinda fun actually -- she's already mostly vetted the books by the time they make it to the house, so I don't have to slog through lots of BS to find the good reads.:)

On-topic here, the reason the Church (big-C Catholic Church) explicitly outlawed the clergy marrying was because of clergy folks setting themselves up as little hereditary fiefdoms, complete with lines of succession and all the fun politicking and internecine warfare that usually accompanies such an arrangement. Disallowing marriage meant breaking that line of power, and is not too dissimilar from policies at the State Department that forcibly rotate diplomats -- this prevents anyone from getting too cozy (at least in theory).

In more detail, celibacy was general Church policy possibly as far back as AD 300 and is certainly mentioned in the mid-400s. This policy was often overlooked though in the hurly burly of northern European politics, and it wasn't explicitly decreed against until the mid-1000s with the Gregorian reforms. Suffice it to say that it's complicated, but the crux of the issue was inheritance and power struggles related to it.

On-topic here, the reason the Church (big-C Catholic Church) explicitly outlawed the clergy marrying was because of clergy folks setting themselves up as little hereditary fiefdoms, complete with lines of succession and all the fun politicking and internecine warfare that usually accompanies such an arrangement.

Interesting. I was taught in my history classes that it was because the early church needed land, and effectively introduced clergy celibacy as a trade. The church gives you power while you're alive, and the church gets your land once you're dead.

I never could understand the Catholic's refusal to let priests marry, considering that one of the Apostles (Peter maybe? I'd have to look it up) said that men should marry to avoid being tempted into sinful sex, and there's surely not much that's more sinful than raping children.

Pedophile priests are not raping children because they can't marry. They're raping children because they are sick men who should never have been allowed to wear a collar in the first place.

You're right about that, but you imply that there is no causal link between the pedophilia in Catholic priests and celibacy, and I'll argue that there is a causal link.

I'd argue that the causation is in the selection bias that the celibacy requirement creates. By saying that priests must be celibate, the Catholic church eliminates a huge chunk of good, non-pedophile men who might consider the priesthood if they could have sex.

The pedophiles are going to try to become priests no matter what - the celibacy

Centuries of burning people to death for attempting to translate the Bible into English should be enough of a clue by itself.

Wikipedia [wikipedia.org] describes the many English translations of scripture, starting long, long before the Reformation (the first translator they mention is St. Bede), with the Douay-Rheims version (from around 1600, preceding the KJV by a few years) as the "first complete English Catholic Bible."

Not to say there weren't people burned to death. I'd add that exaggeration doesn't help your case, but then I look at Fox News.

The Church has always lived within the rush of humanity. That it is affiliated with child rape says much more about western culture than it does about the church, if one looks at teachers, coaches, youth leaders and of course priests you will see that they all fall percentage wise into similar numbers of child predators.

In other words it's a lot like saying Democrats are criminals, because more blacks vote Democrat, and blacks have the highest incarceration rate. There's a HELL of a lot of "ism", assumption and ignorance in that statement - similar to your own comments.

The article seems to give all the credit to this Imperva company, who sounds like maybe the source for most of the story. This could mean they convinced a NY Times reporter to write an unverifiable story to boost they're street cred, or maybe they're actually better at defending websites than the Feds.

The article also raised two other points I thought were highly relevant:First, the Vatican investigated in security and network infrastructure in a way designed to absorb attacks.Second, they made the conscious decision that they weren't going to get into a PR battle with Anonymous (the Vatican official's quote about not commenting on real or potential threats.) A cynic might suggest that the Vatican is good at not commenting, but my takeaway is that this decision was mostly a "we're not going to give Anonymous the satisfaction of any sort of formal response." In a real sense, it's the same basic response that some of the most effective opposition to Westboro Baptist has given. The last thing Anonymous wants is to be ignored.

As a loyal Catholic, I believe the Holy Spirit guides the Church, otherwise I wouldn't bet on it lasting 2000 days leave alone 2000 years. Although I support Pope Benedict and think he's done a lot of good, I believe the Church survives despite its leadership, not because of it... at least these days. And like all Catholics who have not turned away from the Church, there's a reason I remain loyal to Church despite all the nonsense and corruption that goes on, because it's a loyalty to Someone much more important than the people running it.

Having said that though, not giving Anonymous the satisfaction is absolutely the best thing to do.

What you call the Holy Spirit, I call a viable systems model [wikipedia.org]. It only requires an executor branch (Systems 1-2), a managerial layer (Systems 3-4) with self-regulating oversight, and a central core (System 5) responsible to keep the organization's identity steering it to adapt to changes in the environment. A viable system may very well last for centuries or millenia if its parts are kept under control with, say, a really strict ideollogy that punish getting out of the orthodoxy.

Exactly what kind of stuff are they hiding that they need or implement better security measures than our intelligence services?

It could simply be a matter of their being less to hide, and lots of it being on paper. The sex abuse scandals probably were covered up at the diocesan level (usually the size of a county or two in the United States). Equate priest with Police officer/Sargent and Bishop with Lieutenant and think thin blue line stuff. That kind of stuff doesn't get recorded on paper. Also, if it did get recorded, it probably got recorded on PAPER not on a hard drive.

Actually a diocese is closer to the size of a state (as in, one of the United States). There are two dioceses in Virginia, for instance.

I guess it depends on the area and population. The Archdiocese of Newark covers 4 NJ counties. Archdiocese of Brooklyn covers 2 of the 5 counties in NYC. The Archdiocese of NY covers the rest of NYC and up to Dutchess county I believe.

Is 34 times daily load really a massive challenge? Presumably 'normal traffic' has peaks and troughs, and infrastructure ought to be able to overdeliver at the peaks if it is fit for purpose. A sustained attack would probably have a different peak profile, so a daily average during the attack of 34x normal daily average might mean attack peak of much less than 34x normal peak. I'm not that surprised their site stayed up, especially given how rich they are.

Why is it if something like this were done against the Jews or Muslims it would be considered a hate crime but against the Catholics people feel it is okay? Why don't all of the politically correct types denounce this? Unless it is secretly condone by them.

(a) It's an attack on the organization, not the people. That's not generally considered a hate crime.
(b) I don't see more people than usual condone this.